Since we used the action TRAP_AND_REJECT as an interface policy, it will get all the traffic not accepted, rejected, or dropped by the server and client statements.

For all these packets, the action TRAP_AND_REJECT will first check that they are coming in from wan0, that their src IP is not in UNROUTABLE_IPS list and in the whitelist ipset, that they are NEW connections, and if all these conditions are met, it will log with the tag POLICY TRAP and add the src IP of the packets in the policytrap ipset for 30 seconds.

All traffic not matched by the above, will be just rejected.

sockets_suspects_trap type actions

The type sockets_suspects_trap will automatically a custom trap using the following template: